Revisiting Wiener's Attack - New Weak Keys in RSA

In this paper we revisit Wiener's method (IEEE-IT, 1990) of continued fraction (CF) to find new weaknesses in RSA. We consider RSA with N= pq, q $\delta , where 2qi¾? p= Ni¾?and i¾?is a small value based on certain parameters. This presents additional results over the work of de Weger (AAECC 2002). Further we show that, the RSA keys are weak when $d and eis $O(N^{\frac{3}{2}-2\delta})$ for $\delta \leq \frac{1}{2}$. Using similar idea we also present new results over the work of Blomer and May (PKC 2004).

[1]  Jean-Sébastien Coron,et al.  Deterministic Polynomial-Time Equivalence of Computing the RSA Secret Key and Factoring , 2006, Journal of Cryptology.

[2]  Hung-Min Sun,et al.  Estimating the Prime-Factors of an RSA Modulus and an Extension of the Wiener Attack , 2007, ACNS.

[3]  Hatem M. Bahig,et al.  A new RSA vulnerability using continued fractions , 2008, 2008 IEEE/ACS International Conference on Computer Systems and Applications.

[4]  Kenneth H. Rosen Elementary Number Theory , 2004 .

[5]  Hung-Min Sun,et al.  RSA with Balanced Short Exponents and Its Application to Entity Authentication , 2005, Public Key Cryptography.

[6]  Ron Steinfeld,et al.  Converse Results to the Wiener Attack on RSA , 2005, Public Key Cryptography.

[7]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice,Second Edition , 2002 .

[8]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice , 1995 .

[9]  Benne de Weger,et al.  Cryptanalysis of RSA with Small Prime Difference , 2002, Applicable Algebra in Engineering, Communication and Computing.

[10]  Alexander May,et al.  A Polynomial Time Attack on RSA with Private CRT-Exponents Smaller Than N 0.073 , 2007, CRYPTO.

[11]  Johan Håstad,et al.  On Using RSA with Low Exponent in a Public Key Network , 1985, CRYPTO.

[12]  H. C. Williams,et al.  A $p+1$ method of factoring , 1982 .

[13]  D. Boneh Cryptanalysis of RSA with Private Key d Less Than N 0 , 1999 .

[14]  Dan Boneh,et al.  Cryptanalysis of RSA with private key d less than N0.292 , 1999, IEEE Trans. Inf. Theory.

[15]  Dan Boneh,et al.  TWENTY YEARS OF ATTACKS ON THE RSA CRYPTOSYSTEM , 1999 .

[16]  Michael J. Wiener,et al.  Cryptanalysis of Short RSA Secret Exponents (Abstract) , 1990, EUROCRYPT.

[17]  Andrej Dujella,et al.  Continued fractions and RSA with small secret exponent , 2004, ArXiv.

[18]  Johannes Blömer,et al.  Low Secret Exponent RSA Revisited , 2001, CaLC.

[19]  Robert D. Silverman Fast Generation Of Random, Strong RSA Primes , 1997 .

[20]  Don Coppersmith,et al.  Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities , 1997, Journal of Cryptology.

[21]  J. M. Pollard,et al.  Theorems on factorization and primality testing , 1974, Mathematical Proceedings of the Cambridge Philosophical Society.

[22]  Johannes Blömer,et al.  A Generalized Wiener Attack on RSA , 2004, Public Key Cryptography.

[23]  Eric R. Verheul,et al.  Cryptanalysis of ‘Less Short’ RSA Secret Exponents , 1997, Applicable Algebra in Engineering, Communication and Computing.

[24]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[25]  Santanu Sarkar,et al.  RSA Cryptanalysis with Increased Bounds on the Secret Exponent using Less Lattice Dimension , 2008, IACR Cryptol. ePrint Arch..